Recently, Pew Research Center revealed that 59% of U.S. workers say their jobs can be done from home and they are working from home all or most of the time. As we inch closer to post-pandemic recovery, it is evident that remote work, to some degree, is here to stay.
While remote and hybrid work has become increasingly popular—completely revolutionizing global talent acquisition and onboarding processes—privacy and cybersecurity threats remain grave concerns for many businesses and HR leaders. This is especially true given the volume of employees using both personal and work-issued devices for work-related tasks. Security is no longer just a chief information security officer (CISO) or an IT concern but rather a risk that impacts the whole organization and its reputation, requiring active participation from all employees across the business, starting foremost with HR.
Cybersecurity: A Prolonged Stressor for the Remote Workforce
The pandemic, supply chain disruptions, and chip shortages are contributing factors that force organizations to rely on their employees’ personal devices to get the job done. A Beyond Identity study found that nearly half (49.6%) of survey respondents only use work-issued devices, while 39.1% use both personal and work-issued devices. Therefore, substantially more corporate data is distributed across personal devices than many may realize. Consequently, companies’ data and network infrastructure will face greater exposure to cyberthreats, hackers, and other bad actors.
In March, President Joe Biden warned of impending cyberattacks, urging Americans to bolster security measures. With a distributed workforce, organizations—now more than ever—require visibility into the location of their greatest asset: data. From a hiring perspective, companies acquiring global talent must adapt and mitigate the risks that accompany globally dispersed candidates and employees.
While larger organizations are often able to rely on software solutions, smaller businesses may struggle to break through the veil of personal ownership. So, what should enterprises of all sizes and sectors do to secure their company’s data, protect their employees’ privacy, and build a resilient remote workforce?
Understanding Where Your Data Lives
According to Ground Labs research, 70% of professionals surveyed believe their organization does not know where all of its data is stored. And just last year, in the United States alone, some 47 million Americans exited their jobs. Whether they intend to or not, some employees take data with them when they leave, which is an added risk given today’s security threat landscape.
Correspondingly, with emerging regulations, security is not the only concern for understanding where data is stored; compliance is paramount, too. Therefore, it is essential for any organization complying with privacy regulations, such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or California Consumer Privacy Act (CCPA), to first understand what personal data it is holding. That includes knowing the location, amount, and types of information collected, such as the country or jurisdiction of the data subjects. Having data awareness helps a company distinguish the value of its assets and develop a comprehensive security strategy.
Taking a holistic approach to data security is one of the most effective avenues to achieving compliance. Unless your organization is sharing customer data with a third party, your employees are often the only people with access to your company’s crown-jewel repository of customer data.
Training employees across departments on proper handling and storage practices is a great first step to building a security strategy and instilling a strong sense of high alert when working with files and other data sources that contain the personal and private details of individuals. These individuals, whether customers, contestants, employees, or other private citizens, have placed a high level of trust in the organization they’ve handed their information to, and they expect that information to be kept private and secure.
To honor and follow through on ensuring your organization meets this expectation, consider hiring a data protection officer (DPO). Or, assign an adequately skilled individual to become responsible for data privacy and security oversight, and give your organization another level of assurance that data safeguards are being implemented and overseen as an ongoing process.
Likewise, consider how nontechnology groups across the organization, such as HR and marketing, can be engaged and educated on how to detect and remove unnecessary personal data, such as ex-employee data, old customer service case logs, and out-of-date marketing prospect lists. This will further help the organization remove unnecessary risks and achieve greater visibility and awareness of personal data.
Without these critical steps, any subsequent decision or action will be based on assumptions about where data is, leading to considerable risks being overlooked or ignored. At the same time, bear in mind that you can protect the organization while also instilling confidence in your employees’ ability to safely make data-driven decisions in their role.
As businesses continue to navigate our third year in a pandemic and adjust to an ongoing, and potentially permanent, hybrid workplace, prioritizing data security, compliance, and privacy has become table stakes, no longer reserved for large organizations with dedicated security teams. This acceptance of responsibility is now the norm for any organization of any size that has a need to collect and handle any form of personal data.
Stephen Cavey is the co-founder and chief evangelist of Ground Labs.